English Abstract

Honeypots have cemented their place as a tool used by organizations to study and
analyze the threats against their networks and to find the vulnerabilities within. The
downside of using honeypots is the extensive amount of data they produce, making it
virtually impossible to analyze manually. Researchers have come up with different ways to
identify malicious activities in honeypot data. In this thesis, we propose to use clustering
algorithms to improve on an existing entropy-based scheme used for identifying malicious
activities in Honeynet traffic. The existing scheme partially requires manual inspection of
the output to identify the different malicious activities. In this work, we implemented two
clustering algorithms, namely Density-Based Spatial Clustering of Applications with
Noise (DBSCAN) and hierarchical clustering. Then, we applied these algorithms to
datasets, i.e., PCAP traces, provided by the Honeynet organization. Our results were
compared with those obtained by the earlier scheme, and they showed that automatic
clustering can produce results similar to those obtained by manual inspection, with better
time efficiency.
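The approach described above, as an added example that is not code from the thesis: per-window entropy features over constructed flow records, grouped by a minimal DBSCAN so that windows with the same traffic profile land in one cluster without manual inspection. The feature choice (source-IP and destination-port entropy), the windowing and the DBSCAN parameters are assumptions, since the abstract does not state them; only DBSCAN is shown, not the hierarchical variant.

```python
import math
from collections import Counter

# Constructed sample standing in for flows parsed from a PCAP trace:
# (window_id, src_ip, dst_port). No real honeynet data is used.
FLOWS = (
    [(0, f"10.0.0.{i}", 80) for i in range(1, 9)]           # 8 hosts hit port 80
    + [(1, f"10.0.0.{i}", 22) for i in [1, 1, 2, 2, 3, 4, 5, 6]]  # ssh, some repeats
    + [(2, "10.0.0.5", p) for p in range(1, 31)]             # one host sweeps 30 ports
    + [(3, "10.0.0.6", p) for p in range(100, 125)]          # another host sweeps 25 ports
    + [(4, "10.0.0.7", 445)] * 40                            # one host, one port, repeated
)

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def window_features(flows):
    """Map each window to the feature vector (H(src_ip), H(dst_port))."""
    by_win = {}
    for win, src, port in flows:
        by_win.setdefault(win, []).append((src, port))
    return {w: (entropy([s for s, _ in rows]), entropy([p for _, p in rows]))
            for w, rows in sorted(by_win.items())}

def dbscan(points, eps, min_pts):
    """Minimal DBSCAN over Euclidean distance; returns one label per point, -1 = noise."""
    labels = [None] * len(points)
    neigh = lambda i: [j for j in range(len(points)) if math.dist(points[i], points[j]) <= eps]
    cluster = 0
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        seeds = neigh(i)
        if len(seeds) < min_pts:          # not a core point (neighbourhood includes i)
            labels[i] = -1
            continue
        labels[i] = cluster
        queue = [j for j in seeds if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:           # noise reachable from a core point: border
                labels[j] = cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            more = neigh(j)
            if len(more) >= min_pts:      # j is core too: expand through it
                queue.extend(k for k in more if labels[k] is None)
        cluster += 1
    return labels

def cluster_windows(flows, eps=0.8, min_pts=2):
    """Return {window: cluster_label}; windows with similar entropy profiles share a label."""
    feats = window_features(flows)
    return dict(zip(feats, dbscan(list(feats.values()), eps, min_pts)))
```

On the constructed sample the two "many sources, one port" windows form one cluster, the two port sweeps another, and the single repeated probe is left as noise for an analyst to look at.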

Item Type: Thesis (Masters)

Subjects: Computer

Divisions: College Of Computer Sciences and Engineering > Information and Computer Science Dept